selfprivacy-nixos-config/flake.nix

{
  description = "SelfPrivacy NixOS configuration flake";

  inputs = {
    nixpkgs.url = github:nixos/nixpkgs;

    selfprivacy-api.url =
      git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;
    # make selfprivacy-api use the same shared nixpkgs
    selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, selfprivacy-api }: {
    nixosConfigurations-fun =
      { hardware-configuration
      , deployment
      , userdata
      , top-level-flake
      , sp-modules
      }:
      {
        default = nixpkgs.lib.nixosSystem {
          modules = [
            hardware-configuration
            deployment
            ./configuration.nix
            selfprivacy-api.nixosModules.default
            {
              # pass userdata (parsed from JSON) options to selfprivacy module
              selfprivacy = userdata;

              # embed top-level flake source folder into the build
              environment.etc."selfprivacy/nixos-config-source".source =
                top-level-flake;

              # for running "nix search nixpkgs", etc
              nix.registry.nixpkgs.flake = nixpkgs;

              # embed commit sha1 for `nixos-version --configuration-revision`
              system.configurationRevision = self.rev
                or "@${self.lastModifiedDate}"; # for development
              # TODO assertion to forbid dirty builds caused by top-level-flake

              # reset contents of /etc/nixos to match running NixOS generation
              system.activationScripts.selfprivacy-nixos-config-source = ''
                rm -rf /etc/nixos/{*,.[!.]*}
                cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/
              '';
            }
          ]
          ++
          # add SP modules, but contrain available config attributes for each
          # (TODO revise evaluation performance of the code below)
          nixpkgs.lib.attrsets.mapAttrsToList
            (name: sp-module: args@{ config, pkgs, ... }:
              let
                lib = nixpkgs.lib;
                configPathsNeeded = sp-module.configPathsNeeded or
                  (abort "allowed config paths not set for module \"${name}\"");
                constrainConfigArgs = args'@{ pkgs, ... }: args' // {
                  config =
                    # TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05
                    (builtins.foldl' lib.attrsets.recursiveUpdate { }
                      (map
                        (p: lib.attrsets.setAttrByPath p
                          (lib.attrsets.getAttrFromPath p config))
                        configPathsNeeded
                      )
                    );
                };
                constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive
                  (p: v:
                    # TODO traverse only imports and imports of imports, etc
                    # without traversing all attributes
                    if lib.lists.last p == "imports"
                    then
                      map
                        (m:
                          (args'@{ pkgs, ... }: constrainImportsArgsRecursive
                            (if builtins.isPath m
                            then import m (constrainConfigArgs args')
                            else
                              if builtins.isFunction m
                              then m (constrainConfigArgs args')
                              else m))
                        )
                        v
                    else v);
              in
              constrainImportsArgsRecursive
                (sp-module.nixosModules.default (constrainConfigArgs args))
            )
            sp-modules;
        };
      };
    formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
  };
}
test 2023-07-15 16:52:46 +04:00			`{`
nixosConfiguration-fun takes a set as an argument This set must contain: - hardware-configuration - userdata (parsed) 2023-11-06 11:40:32 +04:00			`description = "SelfPrivacy NixOS configuration flake";`
test 2023-07-15 16:52:46 +04:00
			`inputs = {`
selfprivacy/current-config-source => selfprivacy/nixos-config-source 2023-11-21 01:24:32 +04:00			`nixpkgs.url = github:nixos/nixpkgs;`
get rid of overlay for selfprivacy-graphql-api 2023-11-06 12:18:08 +04:00
migrate selfprivacy-api NixOS module to selfprivacy API repository But do not treat it as a SP module. 2023-11-16 06:31:31 +04:00			`selfprivacy-api.url =`
selfprivacy/current-config-source => selfprivacy/nixos-config-source 2023-11-21 01:24:32 +04:00			`git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git;`
migrate selfprivacy-api NixOS module to selfprivacy API repository But do not treat it as a SP module. 2023-11-16 06:31:31 +04:00			`# make selfprivacy-api use the same shared nixpkgs`
			`selfprivacy-api.inputs.nixpkgs.follows = "nixpkgs";`
test 2023-07-15 16:52:46 +04:00			`};`

migrate selfprivacy-api NixOS module to selfprivacy API repository But do not treat it as a SP module. 2023-11-16 06:31:31 +04:00			`outputs = { self, nixpkgs, selfprivacy-api }: {`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`nixosConfigurations-fun =`
get rid of system argument; do not set nixpkgs.hostPlatform 2023-12-05 07:36:26 +04:00			`{ hardware-configuration`
get system.stateVersion from "deployment" argument 2023-12-05 04:41:35 +04:00			`, deployment`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`, userdata`
			`, top-level-flake`
			`, sp-modules`
			`}:`
			`{`
/etc/nixos#sp-nixos => /etc/nixos#default 2023-12-27 14:02:27 +04:00			`default = nixpkgs.lib.nixosSystem {`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`modules = [`
			`hardware-configuration`
get system.stateVersion from "deployment" argument 2023-12-05 04:41:35 +04:00			`deployment`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`./configuration.nix`
migrate selfprivacy-api NixOS module to selfprivacy API repository But do not treat it as a SP module. 2023-11-16 06:31:31 +04:00			`selfprivacy-api.nixosModules.default`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`{`
clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:06 +04:00			`# pass userdata (parsed from JSON) options to selfprivacy module`
			`selfprivacy = userdata;`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`# embed top-level flake source folder into the build`
selfprivacy/current-config-source => selfprivacy/nixos-config-source 2023-11-21 01:24:32 +04:00			`environment.etc."selfprivacy/nixos-config-source".source =`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00			`top-level-flake;`

PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`# for running "nix search nixpkgs", etc`
			`nix.registry.nixpkgs.flake = nixpkgs;`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00
system.configurationRevision = self.rev or "@${self.lastModifiedDate}" 2023-11-14 05:23:10 +04:00			# embed commit sha1 for `nixos-version --configuration-revision`
			`system.configurationRevision = self.rev`
			`or "@${self.lastModifiedDate}"; # for development`
			`# TODO assertion to forbid dirty builds caused by top-level-flake`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00
			`# reset contents of /etc/nixos to match running NixOS generation`
			`system.activationScripts.selfprivacy-nixos-config-source = ''`
			`rm -rf /etc/nixos/{,.[!.]}`
			`cp -r --no-preserve=all ${top-level-flake}/ -T /etc/nixos/`
			`'';`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`}`
			`]`
			`++`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`# add SP modules, but contrain available config attributes for each`
			`# (TODO revise evaluation performance of the code below)`
flake: abort on missing configPathsNeeded with message 2023-12-01 08:32:31 +04:00			`nixpkgs.lib.attrsets.mapAttrsToList`
			`(name: sp-module: args@{ config, pkgs, ... }:`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`let`
			`lib = nixpkgs.lib;`
flake: abort on missing configPathsNeeded with message 2023-12-01 08:32:31 +04:00			`configPathsNeeded = sp-module.configPathsNeeded or`
			`(abort "allowed config paths not set for module \"${name}\"");`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`constrainConfigArgs = args'@{ pkgs, ... }: args' // {`
			`config =`
			`# TODO use lib.attrsets.mergeAttrsList from nixpkgs 23.05`
			`(builtins.foldl' lib.attrsets.recursiveUpdate { }`
			`(map`
			`(p: lib.attrsets.setAttrByPath p`
			`(lib.attrsets.getAttrFromPath p config))`
flake: abort on missing configPathsNeeded with message 2023-12-01 08:32:31 +04:00			`configPathsNeeded`
			`)`
			`);`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`};`
			`constrainImportsArgsRecursive = lib.attrsets.mapAttrsRecursive`
			`(p: v:`
TODO notes: flake: config contrain algorithm 2023-11-15 20:18:45 +04:00			`# TODO traverse only imports and imports of imports, etc`
			`# without traversing all attributes`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`if lib.lists.last p == "imports"`
			`then`
			`map`
			`(m:`
			`(args'@{ pkgs, ... }: constrainImportsArgsRecursive`
			`(if builtins.isPath m`
			`then import m (constrainConfigArgs args')`
			`else`
			`if builtins.isFunction m`
fix config attributes contrain for function imports 2023-11-26 08:56:48 +04:00			`then m (constrainConfigArgs args')`
fix config attributes contrain mechanism for SP modules Now it should work for all nested imports too. `imports` are traversed recursively to redefine each imported module function with altered one, constraining its config attribute (respecting config-paths-needed.json). 2023-11-15 04:15:50 +04:00			`else m))`
			`)`
			`v`
			`else v);`
			`in`
			`constrainImportsArgsRecursive`
			`(sp-module.nixosModules.default (constrainConfigArgs args))`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`)`
flake: abort on missing configPathsNeeded with message 2023-12-01 08:32:31 +04:00			`sp-modules;`
test 2023-07-15 16:52:46 +04:00			`};`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`};`
just-nixos => sp-nixos; selfprivacy/current-config-source; add formatter 2023-11-14 02:47:01 +04:00			`formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`};`
test 2023-07-15 16:52:46 +04:00			`}`